readenglishbook.com » Law » GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗

Book online «GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗». Author Adv. Prashant Mali



1 ... 39 40 41 42 43 44 45 46 47 ... 71
Go to page:
as estate agents concern identified or identifiable natural persons, and therefore constitute personal data.

Transposition/harmonisation: Article 13(1) states “Member States may” and thus does not oblige the Member States to lay down in their national law exceptions for the purposes listed therein. Rather, they have the freedom to decide whether, and for what purposes, to take legislative measures aimed at limiting the extent of the obligations to inform the data subject. Further, they may take such measures only when necessary.

Derogations: The activity of a body such as IPI (a professional body responsible for ensuring compliance with the rules governing the profession of estate agent which is a regulated profession in Belgium, through investigating and reporting breaches of those rules) corresponds to “the prevention, investigation, detection and prosecution of criminal offences, or of breaches of ethics for regulated professions” and is capable of coming under that exception. The directive does not prevent such a professional

body from having recourse to private investigators. Thus, if a Member State has chosen to implement the exception, then the professional body and private detectives may rely on it and are not subject to the obligation to inform the data subject. However, if the Member State has not implemented the exception, the data subjects must be informed.

Rules on access to a regulated profession form part of the rules of professional ethics, therefore investigations concerning the acts of persons who breach those rules by passing themselves off as estate agents are covered by the exception in Article 13(1)(d).

 

1.26. C-486/12, X, 12.12.2013 (“X”)

Reference for a preliminary ruling by the Gerechtshof te ‘s-Hertogenbosch (Netherlands). X requested her municipality to disclose her various addresses in 2008 and 2009 to prove that she had not received notices requesting payment of a fine for a traffic violation. The municipality responded with a certified transcript, demanding payment of a fee of EUR 12,80.

Questions referred: (1) Whether the provision of access to data pursuant to a provision under national law constitutes compliance with the obligation to communicate data undergoing processing (Article 12(a) of Directive 95/46); (2) Whether Article 12(a) precludes the levying of fees in respect of the communication, by means of a transcript from the municipal database, of personal data undergoing processing; (3) Whether the levying of the present fee is excessive.

Access: Article 12(a) of Directive 95/46 does not require Member States to levy fees when the right of access to personal data is exercised, nor does it prohibit the levying of such fees as long as they are not excessive. Access must be without constraint, without excessive delay and without excessive expense. The fees should be fixed at a level which constitutes a fair balance between, on the one hand, the interest of the data subject in protecting his privacy, in particular his right to have the data communicated to him in an intelligible form, and on the other, the burden which the obligation to communicate such data represents for the controller. The fees may not be fixed at a level likely to constitute an obstacle to the exercise of the right of access, and it should not exceed the cost of communicating such data.

 

C-212/13, RYNES V. ÚŘAD PRO OCHRANU OSOBNICH ÚDAJŮ, 11.12.2014 (“RYNES”)

Reference for a preliminary ruling by the Nejvyššĭ správní soud (Czech Republic). The applicant (a private individual) installed and used a video camera system located under the eaves of his home, which recorded the entrance to his home, the public footpath and the entrance to the house opposite. The purpose was to protect the property, health and life of his family and himself, as they had been subjected to attacks by persons unknown whom it had not been possible to identify. A further

attack took place, which was recorded, and the recording made it possible to identify two suspects. The applicant provided the recording to the police who relied on it in subsequent criminal proceedings.

Question referred: Whether the operation of a camera system installed on a family home for the purposes of the protection of the property, health and life of the owners of the home can be classified as the processing of personal data “by a natural person in the course of a purely personal or household activity” for the purposes of Article 3(2) of Directive 95/46, even though such a system also monitors public space.

Definition of personal data: The image of a person recorded by a camera constitutes personal data because it makes it possible to identify the person concerned.

Definition of processing: Video surveillance involving the recording and storage of personal data falls within the scope of the Directive, since it constitutes automatic data processing.

Processing for purely personal or household activity: Protection of the fundamental right to private life guaranteed under Article 7 of the CFR requires that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary. Also, the wording of the derogation refers to “purely” personal or household activity, not simply a personal or household activity. Correspondence and the keeping of address books constitute, in the light of recital

12 to Directive 95/46, a purely personal or household activity, even if they incidentally concern the private life of other persons. However, to the extent that the video surveillance covers, even partially, a public space and is accordingly directed outwards from the private setting of the person processing the data, it cannot be regarded as a purely personal or household activity. Thus, the consent of the data subject would be required to process his data.

Definition of controller: Arts. 7(f), 11(2) and 13(1)(d) and (g) make it possible to take into account the legitimate interests of the controller in protecting the property, health and life of his family and himself.

 

C-615/13 P, CLIENT EARTH ET AL. V. EFSA, 16.7.2015 (“CLIENT EARTH”)

Appeal from a judgment of the General Court dismissing an action for annulment of a decision of EFSA concerning access to documents. EFSA had developed a draft guidance on how to implement a provision of the Regulation of the European Parliament and of the Council concerning the placing of plant protection products on the market, which provided that “scientific peer-reviewed open literature, as determined by [the agency], concerning the side effects on health, the environment, and non-target species, shall be added by the applicant [for authorisation to place a plant protection product on the market].” A working group of the agency submitted the draft guidance to two EFSA bodies, some of whose members were external

experts, who were invited to submit comments on the draft guidance. As a result of the comments, the working group incorporated changes into the draft guidance. The guidance, as modified, was submitted for public consultation. EFSA stated that it redacted the names of the experts pursuant to Article 4(1)(b), because disclosure of the experts’ names would be a transfer of personal data pursuant to Article 8, and the conditions for such transfer were not satisfied. The names of the experts concerned, together with the opinions expressed by them on the draft guidance, were published on the EFSA website.

The applicant requested access to several documents. EFSA granted partial access, but denied access in response to both the initial and confirmatory application to working versions of the draft guidance and comments of the experts on the draft. In a subsequent decision, EFSA granted the individual comments of the external experts, but redacted the names of the experts, pursuant to Article 4(1)(b) and Regulation 45/2001. It stated that provision of the names would constitute a transfer of personal data under Article 8 of Regulation 45/2001, and that the conditions for such a transfer were not fulfilled.

Definition of personal data: The information as to which expert is the author of each comment made by the external experts constitutes information, which falls within the scope of personal data. The fact that the information is provided as part of a professional activity does not mean that it cannot be characterized as personal data. The concepts of personal data and data relating to private life are not to be confused. The claim that the information concerned does not fall within the scope of private life is therefore ineffective.

Likewise, the fact that both the identity of the experts concerned and the comments submitted on the draft guidance were made public on the EFSA website does not mean such data cannot be characterized as personal data. Finally, characterization of information relating to a person as personal data does not depend on whether the person objects to the disclosure of that information.

Access: Where an application is made seeking access to personal data, the provisions of Regulation 45/2001 (particularly Article 8(b)) become applicable in their entirety. Under Article 8(b), personal data may generally be transferred only if the recipient establishes necessity and if there is no reason to assume that the transfer might prejudice the legitimate interests of the data subject. Thus, the transfer is subject to these two cumulative conditions being satisfied. The applicant must establish the first condition, and the institution must determine whether there is such reason. If there is no such reason, the transfer must be made; if there is such reason, the institution must weigh the various competing interests in order to decide on the request.

Necessity/proportionality: No automatic priority can be conferred on the objective of transparency over the right to protection of personal data. However, the information was necessary to ensure the transparency of the process of adoption of a measure likely to have an impact on the activities of economic operators, in

particular, to appreciate how the form of participation by each expert might have influenced the content of that measure. Transparency of the process followed by a public authority for adoption of a measure contributes to the authority acquiring greater legitimacy in the eyes of the persons to whom the measure is addressed and increasing their confidence in that authority, and ensuring the authority is more accountable to citizens in a democratic system. Obtaining the information at issue was therefore necessary so that the impartiality of each expert in carrying out their tasks as scientists in the service of EFSA could be ascertained. Thus, the public interest justified the disclosure of the information at issue, in accordance with Article 8(a) and (b).

Access to documents: The consideration that disclosure was likely to undermine the privacy and integrity of the experts concerned is a consideration of a general nature not otherwise supported by any factor specific to the case. Disclosure would have made it possible for suspicions of partiality to be dispelled or allowed the experts to dispute the merits of those allegations. If a general consideration, unsupported by evidence, were to be accepted, it could be applied to any situation where an EU authority obtains experts opinions, contrary to the requirement that exceptions to the right of access to documents must be interpreted strictly. Thus, the conditions required by Article 8(b) were satisfied.

 

C-201/14, SMARANDA BARA ET AL. V. PRESEDINTELE CASEI NATIONALE DE ASIGURARI DE SANATATE (CNAS) ET AL., 1.10.2015 (“BARA”)

Reference for a preliminary ruling by the Romanian Court of Appeal. Applicants earn income from self-employment. Data relating to their declared income was transferred by ANAF (the national tax authority) to CNAS (the national health insurance authority); the latter sought payment of arrears of contributions to the health insurance regime, based on this data. The applicants challenged the lawfulness of the transfer of tax data relating to their income, alleging that the data were used for purposes other than those for which they had initially been provided to ANAF, without their prior explicit consent and without having been previously informed.

Questions referred (partial listing): Whether personal data may be processed by authorities for which such data were not intended where such an operation gives rise, retroactively, to financial loss.

Definition of personal data: Tax data transferred are personal data, since they are “information relating to an identified or identifiable natural person.”

Definition of processing: Both the transfer of the data by ANAF, and the subsequent processing by CNAS, constitute processing of personal data.

Information: The requirement of

1 ... 39 40 41 42 43 44 45 46 47 ... 71
Go to page:

Free e-book «GDPR Articles With Commentary & EU Case Laws, Adv. Prashant Mali [books to read as a couple .txt] 📗» - read online now

Comments (0)

There are no comments yet. You can be the first!
Add a comment